RSS   Podatności dla 'Teamcity'   RSS

2022-02-25
 
CVE-2022-24330

CWE-601
 

 
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

 
 
CVE-2022-24331

CWE-287
 

 
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

 
 
CVE-2022-24332

CWE-613
 

 
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

 
 
CVE-2022-24333

CWE-918
 

 
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

 
 
CVE-2022-24334

NVD-CWE-noinfo
 

 
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

 
 
CVE-2022-24335

CWE-367
 

 
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

 
 
CVE-2022-24336

CWE-668
 

 
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

 
 
CVE-2022-24337

CWE-276
 

 
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

 
 
CVE-2022-24338

CWE-79
 

 
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

 
 
CVE-2022-24339

CWE-79
 

 
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

 


Copyright 2024, cxsecurity.com

 

Back to Top